Ukraine crisis proves cyber conflict is a reality of modern warfare

Cyber attacks in Ukraine show how aggression is crossing over from the virtual world to the real one, says Jarno Limnéll

Unidentified soldiers block the Ukrainian naval base in the village of Novoozerne, near Simferopol Photo: Ivan Sekretarev/AP

By Jarno Limnéll

12:00PM BST 19 Apr 2014

A hundred years ago, World War I moved warfare into the skies. Today no nation regards its security as complete without an air force, and no serious future conflict will lack a cyber aspect, either.

Russia and Ukraine apparently traded cyber attacks during the referendum on Crimea. Media reports indicate NATO and Ukrainian media websites suffered DDoS (distributed denial of service) assaults during the vote, and that servers in Moscow took apparently retaliatory – and bigger – strikes afterward.

Observers tend to miss, though, that these are relatively modest skirmishes in cyber space. They routinely break out among competing states, even without concurrent political or military hostilities. Angling to hobble an opponent’s web resources by clogging networks with junk traffic? Another day at the office.

I see three distinct levels or “rings” to contemporary cyber conflicts. Only the first is clearly apparent in the Ukraine crisis. Full-blown cyber war is not yet occurring. The prospect of escalation, however, is real and worrisome. The West should watch carefully, because developments in Ukraine offer a model for contemporary conflicts worldwide – which will henceforth have integral cyber elements for all but the least developed nations.

By observing Ukraine we can deduce not only the capabilities of cyber weapons, but the goals and policies behind their use.

The first category of cyber conflict is the “business as usual” level – DDoS attacks and similar crude incursions. Website disruptions exert minor pressure on an enemy. They are the most visible strain of cyber attack, since anyone can verify success. (When the web page won’t load, it worked.) These little thrusts tend to be ongoing; they are everyday espionage. During diplomatic conflicts or worse, however, the number and variety of attacks increase.

The first-category attacks in Ukraine show evidence of outsourcing. As was the case in Russia’s earlier confrontations with Estonia and Georgia, the attacks seem to come from mercenaries or state-backed “patriotic hackers” rather than the armed forces or intelligence apparatus. In other words, the job of doing the attacking was handed off to proxies. This is worrying, as hiring hacktivists affords governments plausible deniability regarding involvement in cyber assaults.

During the Cold War the superpowers fought proxy conflicts, pouring training, money, and materiel into showdown theatres like Vietnam. Contract cyber warriors are the 21st century continuation of that practice, though of course one need no longer be a superpower to spark havoc.

The second category of cyber conflict is concentrated information operations, or INFOOPS, across the Internet. INFOOPS refer to propaganda and disinformation campaigns to shift or inflame public opinion.

Russia fought and won an “information war” in conventional media during the run-up to the Crimea vote. There were scripted interviews, doctored images, and footage of Russians being mistreated amid increasing violence and insecurity.

The cyber side of INFOOPS is a case of new bottles, old wine. Disinformation specialists may pump classic propaganda through web news outlets and social media, infiltrate online communities, and make it harder for the online population to discern the truth.

There is a silver lining, though, to the INFOOPS level of cyber conflict. As long as things stay at that level, as long as misinformation is abundant and the populace has difficulty discerning what’s true and what’s false, the crisis has not yet flared into all-out war, real or virtual.

But beyond INFOOPS lies the third, most alarming level of cyber conflict: attacks on critical infrastructure, public and private, with the goal of disrupting or disabling essential services. Targets could include ATM networks, e-commerce systems, energy grids, transit and road signals, air traffic control, and certainly military command lines. If the Ukraine conflict escalates to this level it means the formal onset of cyber war, and war via the usual, physical means would be more likely. The greater the real-world consequences of cyber attacks, the slipperier the slide, we may speculate, toward military hostilities.

The means of warfare reflect the society waging it. It is logical for a modern, networked information society to make its networks into battlefields. However, there is a great deal still for governments to understand about the escalation patterns and ripple consequences of cyber war – particularly where aggression is likely to cross spheres from the virtual world to the real one.

That is why Crimea, for all the pain and tension it represents, is also such an opportunity. We are watching a modern cyber conflict unfold in real time, learning the scope of damage done by blunt-force “business as usual” attacks, speculating about the effects of disinformation in cyberspace, and hoping a stage-three infrastructure assault does not occur or provoke military violence. It is to be hoped that the chessmasters in Moscow and Kiev, flexing and testing their cyber capabilities, are also learning as they go – particularly about the virtues of restraint.

Jarno Limnéll is a Doctor of Military Science, and Director of Cyber Security at McAfee.